Security System for Industrial Control Infrastructure using Dynamic Signatures
First Claim
1. An industrial control system comprising multiple inter-communicating industrial control devices coordinated according to a control program, the industrial control system comprising:
(1) multiple control devices each providing;
(a) a device network port for communicating with other elements of the industrial control system;
(b) electrical connectors for accepting electrical conductors communicating with industrial equipment to receive or transmit electrical signals from or to that industrial equipment for the control of an industrial process;
(c) a control device processor communicating with the device network port and electrical connectors;
(d) a device electronic memory system accessible by the control device processor and holding;
operating software describing operation of control device, a data table holding representations of the electrical signals of the electrical connectors, a diagnostic program providing outputs monitoring the operation of the control device;
the data table and the outputs of the diagnostic program together defining a dynamic device state wherein the operating software is executable by the control device processor to;
(i) read at least a portion of the dynamic device state to generate a dynamic signature;
(ii) encrypt the dynamic signature; and
(iii) transmit the dynamic signature over the network port; and
(2) a security controller providing;
(a) a controller network port for communicating with other elements of the industrial control system;
(b) a security controller processor communicating with the controller network port; and
(c) a controller electronic memory system accessible by the security controller processor and holding;
a security program;
wherein the security program is executable by the security controller processor to;
(i) receive a dynamic signature from a given control device through the network port and decrypt the dynamic signature;
(ii) analyze the dynamic signature against rules establishing a multi-value range of acceptable dynamic signature values; and
(iii) provide an output indicating whether the received dynamic signature is outside the multi-value range of acceptable dynamic signature values.
Abstract
An industrial control system hardened against malicious activity monitors highly dynamic control data to develop a dynamic thumbprint that can be evaluated to detect deviations from normal behavior of a type that suggest tampering or other attacks. Evaluation of the dynamic thumbprint may employ a set of ranges defining normal operation and reflecting known patterns of interrelationship between dynamic variables.
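An added illustration (not code from the patent or its assignee) of the range evaluation the abstract describes: per-variable ranges plus interrelationship rules, so a signature whose values are each plausible but mutually inconsistent is still flagged. The variable names, limits and rules are constructed assumptions; encryption and transport of the signature are omitted.

```python
from typing import Callable, Dict, List, NamedTuple, Tuple

Signature = Dict[str, float]

# Constructed rules (not from the patent): one range per signature field.
RANGES: Dict[str, Tuple[float, float]] = {
    "conveyor_speed_rpm": (0.0, 1500.0),  # data-table value
    "motor_current_a": (0.0, 12.0),       # data-table value
    "scan_time_ms": (2.0, 8.0),           # diagnostic output
    "cpu_load_pct": (5.0, 70.0),          # diagnostic output
}

class Relation(NamedTuple):
    """When applies(sig) holds, var must lie in the narrower range [lo, hi]."""
    name: str
    applies: Callable[[Signature], bool]
    var: str
    lo: float
    hi: float

RELATIONS: List[Relation] = [
    Relation("moving belt draws current",
             lambda s: s["conveyor_speed_rpm"] > 100, "motor_current_a", 2.0, 12.0),
    Relation("stopped belt draws little current",
             lambda s: s["conveyor_speed_rpm"] <= 100, "motor_current_a", 0.0, 1.0),
    Relation("high CPU load lengthens scan",
             lambda s: s["cpu_load_pct"] > 50, "scan_time_ms", 4.0, 8.0),
]

def make_signature(data_table: dict, diagnostics: dict) -> Signature:
    """Device side: read the monitored portion of the dynamic device state."""
    state = {**data_table, **diagnostics}
    return {k: float(state[k]) for k in RANGES if k in state}

def analyze(sig: Signature) -> List[str]:
    """Controller side: list the violated rules; an empty list means in range."""
    found = [f"missing:{v}" for v in RANGES if v not in sig]
    # `not lo <= x <= hi` also rejects NaN, which fails every comparison.
    found += [f"range:{v}" for v, (lo, hi) in RANGES.items()
              if v in sig and not lo <= sig[v] <= hi]
    if not any(f.startswith("missing:") for f in found):
        found += [f"relation:{r.name}" for r in RELATIONS
                  if r.applies(sig) and not r.lo <= sig[r.var] <= r.hi]
    return found

# Constructed sample: each value is individually in range, but a belt at
# 1200 rpm drawing 0.3 A is inconsistent with normal operation.
SPOOFED = make_signature({"conveyor_speed_rpm": 1200, "motor_current_a": 0.3},
                         {"scan_time_ms": 3.1, "cpu_load_pct": 22})
```

`analyze(SPOOFED)` reports only the relation rule, which is the case a set of independent per-variable limits would miss.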
20 Claims
19. A method of establishing security in an industrial control system comprising multiple inter-communicating industrial control devices coordinated according to a control program, the method including:
(1) at each control device;
(a) generating a dynamic device state at the industrial control devices from a data table holding representations of electrical signals of the electrical connectors of each control device and outputs from a diagnostic program monitoring the operation of the control device;
(b) reading at least a portion of the dynamic device state to generate a dynamic signature;
(c) encrypting the dynamic signature with a public key encryption; and
(d) transmitting the dynamic signature over a network port;
(2) at a security controller;
(a) receiving a dynamic signature from at least one given control device through the network port and decrypting the dynamic signature;
(b) analyzing the dynamic signature against rules establishing a multi-value range of acceptable dynamic signature values; and
(c) providing an output indicating whether the received dynamic signature is outside the multi-value range of acceptable dynamic signature values.
Specification